spimsimulator Buffer Overflow Vulnerability in READ_SYSCALL and WRITE_SYSCALL System Calls
Vulnerability
A buffer overflow vulnerability has been identified in spimsimulator versions through 9.1.24. This issue arises in the READ_SYSCALL and WRITE_SYSCALL system calls, where the application fails to properly validate the legitimacy of memory read/write addresses. By manipulating the starting and ending addresses to point to different memory segments within the virtual machine, it is possible to bypass these checks, leading to out-of-bounds memory access. This vulnerability can corrupt the host machine's memory, potentially allowing for a simulator escape.
Impact
Exploitation of this vulnerability can cause a heap overflow, corrupting the host machine's memory and potentially leading to a simulator escape.
Reproduction
The vulnerability can be reproduced by checking out the spimsimulator source code, navigating to the spim directory, and compiling the application with address sanitization enabled. Afterward, a proof-of-concept assembly program can be executed using the spim simulator, which demonstrates the buffer overflow by writing data to a memory address that overlaps with the host machine's memory.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.